Submission Details
Severity:
Stream could still be Paused even after Restart the stream.
Summary
Because of no 0 amount check, the paused stream even after being called `restart` function does not restart.
Vulnerability Details
https://github.com/Cyfrin/2024-10-sablier/blob/main/src/SablierFlow.sol#L714-L725
As per the codebase, The stream paused when the RPS of a stream set to 0, so when restart the RPS should be non-zero, but there is no check that the `newRatePerSecond should be != 0`. And there is no point that even after restart the RPS of the stream is 0.
function _restart(uint256 streamId, UD21x18 ratePerSecond) internal {
// Check: the stream is not paused.
if (_streams[streamId].ratePerSecond.unwrap() != 0) {
revert Errors.SablierFlow_StreamNotPaused(streamId);
}
// Checks and Effects: update the rate per second and the snapshot time.
// @audit no check that ratePerSecond should be non-zero
_adjustRatePerSecond({ streamId: streamId, newRatePerSecond: ratePerSecond }); // FOUND
// Log the restart.
emit ISablierFlow.RestartFlowStream(streamId, msg.sender, ratePerSecond);
}
Impact
Low
Tools Used
Manual Review
Recommendations
Add the following check in the `_restart` function.
function _restart(uint256 streamId, UD21x18 ratePerSecond) internal {
// Check: the stream is not paused.
if (_streams[streamId].ratePerSecond.unwrap() != 0) {
revert Errors.SablierFlow_StreamNotPaused(streamId);
}
// Checks and Effects: update the rate per second and the snapshot time.
+ if(ratePerSecond == 0) revert Errors.SablierFlow__ratePerSecondIsZero();
_adjustRatePerSecond({ streamId: streamId, newRatePerSecond: ratePerSecond });
// Log the restart.
emit ISablierFlow.RestartFlowStream(streamId, msg.sender, ratePerSecond);
}
Updates
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
69929 USDC / LOC
19,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.